Archive for the ‘IT Security Tips’ Category
Tuesday, August 19th, 2008
Do we need a code of conduct for writing blogs?
According to DLA Piper, only 5% of Internet users know the legal rights and wrongs of posting online. It also found that 77% of bloggers were unaware of the law surrounding publication and journalism.
The same study found that 42% of Internet users believe that bloggers should be made to follow the same legal standards as journalists, and 46% like the idea of a voluntary code of conduct. Bloggers, however, don’t agree: only 32% support the idea, with 34% directly opposed.
According to a spokesman from DLA Piper, there is potential for bloggers to end up in court. Beyond defamation and employment law, there are plenty of other issues which bloggers could trip up on, including, but not limited to: libel, contempt of court, the Telecommunications Act, the Protection from Harassment Act, and even anti-terrorist legislation.
Given that nobody reads website Terms and Conditions (and many still do not have them!), wouldn’t a code of conduct be pointless? A code of conduct is not a set of laws. Followers of the code will, however, protect themselves against some potential legal surprises if UK companies and individuals do decide to clamp down. A court may even look more favourably on them for following the voluntary code if the matter does reach a court.
Who would sign up for a voluntary code of conduct? Would it be those who are already careful in what they publish? Or would it be the troublemakers inspiring this discussion in the first place?
Friday, August 8th, 2008
Windows has long been the frontrunner for PC operating systems. A few other systems came and went, primarily for large office network use, but one has been slowly growing in the background for the desktop and is starting to take on the big boys: Ubuntu Linux.
Linux has a long, long history, but it has always been the choice of geeks and nerds, and is better known today as a stable web server platform rivalling Microsoft products for hosting websites and applications. Installing hardware and software usually meant advanced programming techniques, so it was never useful for the ‘normal’ end user.
Yesterday I downloaded and installed Ubuntu 8.04, the latest version, completely replacing Windows Vista and wow! A nice, clean, customisable graphic interface allowed an easy install. My Acer Aspire laptop worked out of the box, my portable Dell D410 needed an extra package to allow my wireless network to work, and my Fujitsu-Siemens Amilo, again no problems.
Ubuntu now has some nice graphic effects to rival Vista, although it is lacking the translucent ‘glass’ effect. Is this really needed when there are some extras thrown in which even Microsoft didn’t think about? It also comes bundled with the most commonly used software, with the ability to add new programs very easily. It comes with the Firefox web browser, Open Office word processor, spreadsheets etc. It has an IM to replace MSN (ad free), the Gimp graphics editing suite, music players, video players, iPod software and much, much more.

Best of all, Ubuntu is free and so is most of the software used with it. This has always been the case, and always will be. If I want some accounting software for my small business, instead of searching for and buying it, I just open the ‘add remove programs’ option and select it from a huge list of available software. Ubuntu then downloads, configures and installs it without asking for credit card details, annoying confirmations and silly ‘advanced’ questions.
Ubuntu have certainly been working hard and are ready for the ‘normal’ user’s desktop. Hardware compatibility isn’t 100%, but on most modern PCs and laptops, there are no problems. (This can be tested before install.)
There are downsides, however. If you need very specific software, you will generally have to forget the move. While Gimp (the graphics package) works very well with all sorts of art formats like Photoshop, PNG etc., you need to relearn the interface and accept that Photoshop itself just won’t be available. Gimp does, however, have lots of functionality, so it’s not to be sniffed at! (Try Gimp here, also available for Windows.) Also, if you have software to run your mobile phone or PDA, you may find it’s unavailable, particularly if it’s Windows-based or custom phone software. (Microsoft et al. like to lock their software to ensure no one can copy it, which can lead to difficulties when writing software to synchronise.)
Open Office (also available for Windows) is a very good MS Office replacement. It has some minor incompatibilities with newer MS Office formats, but then so does MS Office.
The next time you swear at your computer for lost data, blue screens and general annoyance, remember that there is an alternative! Talk to your IT team or a geeky nephew. Ubuntu Linux is a fantastic alternative. If you want to see if it will work on your computer, download it, burn it to disk, boot up on the CD and choose the ‘try’ option instead of install, and it will run right from the CD with most functionality in place. (Be aware that running off the CD will make Ubuntu seem slower than it is. Once installed, it will run much more smoothly.) See Ubuntu here.
When testing, remember to check compatibility with everything you need! The last time I did this, I forgot the printer, the most fundamental piece of hardware which, if it doesn’t work, makes Ubuntu a terrible replacement.
If you have a particularly large hard drive, you can also set up a dual boot. This means Windows and Ubuntu work alongside each other, so when turning your computer on it will ask which you would like to use.
Extra benefits to note:
- Most viruses are programmed for Windows, not Linux.
- You’re not funding Microsoft’s billions of pounds of advertising, CD creation and distribution, meaning you are being ‘greener’.
- You’re voting with your feet when it comes to Microsoft’s global domination.
- Ubuntu is available for Mac to replace OSX.
Saturday, July 26th, 2008
With IT taking on more roles in our finances, security is getting tighter and pushing the world’s best hackers into higher sophistication. If a virus on a single school computer is a small rash, then a DNS attack like those going on at present is the HIV of the internet. According to Kaminsky, 52% of DNS servers are still at risk.
A website doesn’t really have a name. Facebook isn’t really at facebook.com; it’s really at 69.63.178.11. Zakomedia.com is at 79.170.40.33.
These numbers (known as IP addresses) make no sense to a human. Could you imagine one printed on your business card? So the domain name was born. If your house were a website, its longitude and latitude coordinates would be the IP address and the domain name would be your postal address.
So when you type ‘facebook.com’ into the address bar, your computer sends this request to your ISP’s DNS server (in my case, Virgin Media). Virgin’s DNS server has a list and checks for facebook in this list to determine its IP. If it can’t find it, it forwards the request to the next nearest DNS server, and this can go on. Eventually they will come back with the correct IP and send you to the correct website.
The security flaw affects just over 1/2 of these DNS servers and would enable someone to add a false IP to a name. This means a request to ‘www.natwest.com’ could give a false IP reading and send you to another site made up to look like the original, which asks you to log in with your bank details… www.natwest.com would still appear in the address bar and you would be none the wiser until every penny was drained from your account to an unnamed Swiss account holder.
The truth is that DNS owners have known about this problem for about 2 weeks and many have still done nothing about it! This puts us, the consumers, at serious risk! 52% of the world could be led to the wrong banking site to input their details… that’s not a gamble I’m willing to take!
So, without trying to scaremonger, there is a way of testing whether or not you are likely to be affected. Go to http://www.doxpara.com/ and use the ‘Check DNS’ button on the right. Ignore the messages below, but read the text which appears. It doesn’t say you ARE affected; it simply tells you if your local DNS is at risk or patched to avoid this threat. If it is at risk, avoid sending sensitive data online (i.e. banks, logins etc.). Reading the news, weather, and checking mail with Outlook or Outlook Express should be fine. You can resume normal activity when a new test confirms you are OK. If your DNS comes out with the message:
xx.xx.xx.xx has other protections above and beyond port randomization against the recently discovered DNS flaws. There is no reason to be concerned about the results seen below.
Then you can be happy and relax in the knowledge that your ISP (whether it’s BT, AOL, Virgin etc.) has its customers in mind and is keeping you secure.
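The ‘port randomization’ named in that message can be judged from the receiving side, by looking at the UDP source ports a resolver uses when it sends lookups to a test server. The Python below is an added example, not code from the original post or from doxpara.com; the log format, resolver addresses, port values and the spread threshold are all constructed assumptions.

```python
import re
import statistics

# Constructed sample: lines a test name server might log for the lookups
# each resolver sends it. Format, addresses and ports are invented.
_SAMPLE_PORTS = {
    "192.0.2.10": [32768, 32768, 32768, 32768, 32768, 32768],
    "192.0.2.20": [1025, 1026, 1027, 1028, 1029, 1030],
    "192.0.2.30": [40000, 40110, 39950, 40230, 40075, 39890],
    "192.0.2.40": [51234, 1893, 33017, 60412, 17750, 44291],
}
SAMPLE_LOG = [
    f"client {ip}#{port}: query: probe{i}.test.example IN A"
    for ip, ports in _SAMPLE_PORTS.items()
    for i, port in enumerate(ports)
]

CLIENT_RE = re.compile(r"client (\S+?)#(\d+):")


def ports_by_resolver(lines):
    """Group observed UDP source ports by resolver address, in log order."""
    seen = {}
    for line in lines:
        match = CLIENT_RE.search(line)
        if match:
            seen.setdefault(match.group(1), []).append(int(match.group(2)))
    return seen


def assess_source_ports(ports, min_samples=5, spread_threshold=3000.0):
    """Classify how predictable a resolver's source ports look.

    Returns "fixed", "sequential", "narrow" or "randomized".
    spread_threshold is an illustrative cut-off, not a published standard.
    """
    if len(ports) < min_samples:
        raise ValueError(f"need at least {min_samples} samples, got {len(ports)}")
    if len(set(ports)) == 1:
        return "fixed"        # every query leaves from the same port
    steps = [b - a for a, b in zip(ports, ports[1:])]
    if all(0 < step <= 2 for step in steps):
        return "sequential"   # the next port is trivially predictable
    if statistics.pstdev(ports) < spread_threshold:
        return "narrow"       # ports vary, but only within a small window
    return "randomized"


def assess_all(lines):
    """Map each resolver address found in the log to its verdict."""
    return {ip: assess_source_ports(p) for ip, p in ports_by_resolver(lines).items()}


if __name__ == "__main__":
    for ip, verdict in assess_all(SAMPLE_LOG).items():
        print(f"{ip:12} {verdict}")
```

Only the last verdict corresponds to a resolver that makes forged answers hard to land; the other three are the cases a test like the one above would report as at risk.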
Tuesday, July 22nd, 2008
Identity theft is big business! With the information sharing age upon us, should we take steps to start the information restriction age to protect our online identities from theft? More and more of our business and personal practices are online. We make payments online, and transfer and receive large quantities of money online. Our banks are online. Facebook, LinkedIn, Bebo, Ecademy and Twitter users have much of their personalities online. Websites simply aren’t protecting our online identities the way they should be, and the law doesn’t want to know, so we have to take matters into our own hands!
This is by no means a definitive list so please do add ideas into the comments if there’s anything you feel should be added.
Basic steps to protect your identity online:
Passwords:
First and easiest route for online identity theft is the human element; passwords. I can access my business bank account with a single username and password and that scares me, but it doesn’t have to. To obtain this information, an identity thief can use 3 methods:
- Know what I like and try to guess the password based on my interests, relationships, date of birth (all of which can be obtained through Facebook!).
SOLUTION: Do not choose easily guessable passwords (and no, S1m0n isn’t much more secure than Simon when using real words).
- If I use the same password for more than one service, someone who gets hold of the password for one system can access another. This can happen by signing in to an untrusted website where they’re not asking for money but you do need to register. It can happen by a legitimate website being hacked, or it could even be overheard or abused when you’re in a hotel foyer, calling home and directing your friend or PA into your email to get your booking details.
SOLUTION: Use a different password for different websites. Alternatively, use one secure password for the secure sites and lesser passwords for lesser sites, i.e. my business and personal banks have the same password. My Hotmail account (used for junk only) and Facebook account use another.
- The brute force or dictionary attack uses random characters or known words, with and without numbers, to keep guessing. This is done automatically and can guess around 10,000 possible combinations in a day. If your password happens to be in a dictionary, with or without numbers, no matter how obscure, the password will be guessed within a few hours. If you had a long random list of numbers and letters, it could take weeks or even months. Some websites lock out after a few guesses to try and prevent it, but most don’t.
SOLUTION: Choose passwords as randomly as possible, but they need to be memorable!
One tip I’ve heard for helping to keep passwords obscure for both computers and humans is to turn a phrase into an acronym. For example, I could have the password MWCFMAICFMK, based on the phrase: “My wife comes from Mauritius and I come from Milton Keynes”. It makes it random but memorable for someone who knows this key phrase. Add some numbers in there to increase randomness and you’re laughing. The common way is to swap similar letters and numbers (for example, the letter i becomes the number one). This can help, but don’t rely on it 100%.
Finished Password: mwcfm41cfmk (12 characters)
Forgotten Passwords
OK, my password is secure. The second route into less secure sites is hitting the ‘Forgotten password’ button. Some ask for simple information (mother’s maiden name, date of birth etc.) before emailing the password to the account in your profile, some just email it, and some will allow a complete password reset and only email to confirm, giving immediate but limited access. You therefore need to protect your mother’s maiden name and your date of birth. The trouble is that this information isn’t all that hard to get hold of!
Solutions? When you’re asked for your date of birth and mother’s maiden name on non-trusted sites and where lying isn’t going to be called fraud, lie. Use a date of birth and name which means nothing realistically to you but which only you know as being your backup details. This way people who know your real DOB won’t be able to gain access. Obviously when applying for credit, insurance etc. you have a legal obligation to provide your real details but these tend to be more secure.
Post-it Notes
One of the biggest no-goes in the history of computers! Never, under any circumstances, at all, ever write down your passwords on a post-it note and stick it to your monitor! The back of your desk diary is the second most common place to write it. This can be as helpful as sending a mass email with all your passwords to your friends, IT repairman, next door neighbour’s son who helps you every time you get a virus etc etc etc…
If you need to write your access details down at any point, you need to keep this as secure as the original information. Don’t label it ‘Passwords’. Don’t leave it within easy and obvious access from the PC. Write the actual password element backwards. Anyone who tries it the normal way will assume it’s out of date and give up. My sheet with the password above would read:
Hotmail:
simon@hotmail.com
kmfc14mfcwm
The Computer:
While we’re working in the office, the next thing to keep secure is the computer. Make sure you have a good anti-virus. AVG is one of the best I’ve ever used in the last 10 years, and they do have a free version for domestic use (http://free.avg.com/). How will this help?
Some of the worst viruses and programs you can have on your PC are the ones that don’t do anything visibly. Some can sit there logging everything you type (usernames, letters, passwords, emails, credit card numbers) and send it off to the originator to decode. A good virus scan should keep these out and keep you safe.
Some people also recommend running Lavasoft’s Ad-Aware every so often. This helps catch things which aren’t specifically classed as viruses but can be damaging. Don’t be alarmed when you see the number of things it will find. To be on the safe side, it removes everything which could track what you’re doing, including internet cookies, which are very limited and don’t really do anything bad besides helping to record that you’re logged into a site, and don’t give away passwords. Their free version is here: http://lavasoft.com/products/ad_aware_free.php
The websites
The websites themselves can also be quite weak. When you sign up with a site or make a payment, it’s illegal for the website owner to store your credit card details and certain others without a minimum level of security… but who enforces laws on the internet? Only give your more private details to trusted websites with a proven track record. If you don’t trust them or there’s doubt, sign up for a free Hotmail or Yahoo email address and use that for these sites only. If you’re likely to get one email and nothing more, consider using Temporary Inbox.
Facebook
Facebook and other social networking sites can pose a real threat. Just this week, a security threat led to users’ details being exposed. (Read about the latest Facebook security hole here.)
The truth is that most data handed out has to have been given in the first place. Try using your secondary date of birth, mother’s maiden name etc. and ONLY put information on the world wide web which you want everyone on the world wide web to see! It doesn’t matter that people can or can’t see your date of birth as all someone has to do is scan through your wall or public messages and look for the abundance of ‘Happy Birthday’ messages from your friends and family and look at the date of posting!
Scam and Spam
Occasionally you will probably receive notifications of account closures or emails requesting you to click a link and log in. DON’T! If there is a doubt, go to the website in question manually; do not use the links provided if you then have to insert your password details. This is known as phishing. They can divert you to their own website, made to look like your bank, PayPal etc., encouraging you to log in. If you get an email from Natwest requesting that you log in, open your browser, go to www.natwest.com and log in there. According to Sophos, only 1 in 28 emails are actually legitimate.
Making Payments
Many of my clients want to take payments online and always scoff at the idea of offering PayPal payments. PayPal is a good system with the buyer in mind. They do have higher than average charges, but personally I feel you get value for money. They are, at the end of the day, just another website, but they are big enough and their whole purpose of being is around security. Without that, the whole business would collapse overnight!
As I said at the beginning, this is not a definitive list, but it contains all the most relevant and basic things to know about putting your information online. It’s a lawless society which is slowly dominating our lives and should be treated with care!
Thursday, July 17th, 2008
“Cloud computing” is a white-hot buzzword these days. It basically means working with files and programs that reside on the Internet, beyond your company’s walls — out there in the “cloud.”
With the MobileMe service, photos can be uploaded to a gallery site, where visitors can download them for printing.
Everyday consumers are doing cloud computing, too, maybe without even realizing it. When you use an Internet-based backup service, or Google’s online word processor or spreadsheet, or a Gmail or Yahoo mail account, you’re working with data on a secure Internet server somewhere — not on your hard drive.
Apple is the latest company to find a silver lining in the cloud. Its new MobileMe service ($100 a year) is an overhaul of a suite of Internet features that used to be called .Mac.
Over the years, two million people signed up for .Mac, according to Apple, even though it was a sort of motley, unfocused service.
MobileMe, however, has a much clearer mission that solves a much clearer problem. It’s meant to keep the e-mail, calendars, address books and Web bookmarks on all of your computers — Macs, Windows PCs, iPhones and iPod Touches — synchronized in real time.
It works by storing the master copy of all this information in the cloud. Whenever your machines are online, they connect to the mother ship and update themselves. When you edit an address on your iPhone, you’ll find the same change in Address Book (on your Mac) and Outlook (on your PC). If you send an e-mail reply from your PC at the office, you’ll find it in your Sent Mail folder on the Mac at home.
MobileMe can be very helpful to families with busy calendars; now everybody can refer to the same, always-current datebook. You also escape the “two mailbox problem,” where your cellphone and computer have different e-mail addresses, so you can never remember where you read something. And you’ll never have to call home to ask someone to look up a phone number for you.
All of this should sound familiar to corporate employees; the BlackBerry works much the same way, and so do computers and phones that connect to corporate Exchange servers. Indeed, Apple’s tag line for MobileMe is “Exchange for the rest of us.” (Which is an odd slogan, since the target audience — “the rest of us” — is people who have no idea what Exchange is.)
So how is MobileMe? Well, let’s get the ugliness out of the way first: Its debut last week was a disaster that persisted for days. Existing .Mac members were supposed to be upgraded automatically, but many wound up having no e-mail at all for a day or two. There were bugs, glitches and error messages for days, making it one of the most ham-handed launches in Apple history.
Maybe it wasn’t such a hot idea to introduce MobileMe and the iPhone 3G simultaneously. (Apple has since apologized to its customers and extended their subscriptions by 30 days.)
All right, then: how is MobileMe now?
Allow a couple of hours to set it up. There’s a lot of stuff to download and prepare, and Apple’s instructions aren’t always complete.
You also have to set up your e-mail program to recognize your new MobileMe e-mail address, which ends with the conveniently short “me.com.” Mine, for example, is pogue@me.com; one perk of this fledgling service is that all the good addresses aren’t yet taken, as they are on Yahoo and Gmail.
(Apple won’t say how much it paid to get the juicy domain name me.com. “Let’s just say it wasn’t sitting for $9.95 in the domain registry,” cracked a product manager.)
Once everything’s ready, the magic is impressive. Make a change on your Mac, watch it appear on your iPhone and your PC. Add a new friend to the address book in Outlook Express on your Windows XP machine, and watch it appear in Windows Contacts on your Vista PC. Change an appointment in iCal on the kitchen Mac, and know that it will wirelessly sprout onto your traveling spouse’s iPhone four states away. And your Web bookmarks are the same everywhere.
If a change is made on two machines simultaneously, you’re presented with the conflict — you see both versions — and with one click, you choose which one “wins.”
On Macs, MobileMe can keep even more stuff synched, including your passwords and preference settings.
Actually, there’s a fourth place where you can work with your data: on the Web. At Me.com, Apple has built attractive, ad-free, online versions of your address book, calendar, e-mail program and photo-organizing programs. Unlike most Web programs, these have the fluidity and shortcuts of desktop software. For example, you can drag and drop messages into e-mail folders, flip through photos with the mouse, drag vertically to create appointments on your calendar’s timeline, hit the Enter key instead of clicking O.K. in a dialog box, and so on.
The beauty of the Web is, of course, that you can get to it from almost any computer. Beware, though: you need the latest version of Firefox or Apple’s Safari Web browser to exploit all the features. (After all those years of being treated like an oppressed minority, it must give Apple some satisfaction to exclude Internet Explorer because it “has known compatibility issues with modern Web standards.”)
There’s actually a lot more to MobileMe than sync, since it also retains most of the features of the old .Mac service.
© 2008 - Zako Media - All Rights Reserved